Closed blockpane closed 4 years ago
Note that geetest requires some extra permissions when using content-security-policy:
Content-Security-Policy "default-src 'self'; script-src api.geetest.com monitor.geetest.com dn-staticdown.qbox.me static.geetest.com 'self' 'unsafe-eval'; style-src static.geetest.com dn-staticdown.qbox.me 'self'; connect-src api.commerce.coinbase.com api.geetest.com 'self'; img-src data: static.geetest.com 'self'"
The unsafe-eval I'm not entirely happy about; there's really no excuse for this captcha to be using jsonp. I'll leave the final decision on merge up to @lukestokes.
Well, I built an entire business (FoxyCart) that dealt with credit cards using jsonp, and we didn't have too many complaints. There's no personally identifiable information involved in the free giveaway process so I'm going to call this good and move forward. If there are better options, please open an issue ticket and we can revisit.
This merges in Andrey's changes to allow using captcha from geetest, and using alternate authorization.
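An added example, not part of the original thread or the project's code: a small Node.js check that parses the policy quoted in the comment above and reports what its script-src permits, namely the 'unsafe-eval' keyword and the third-party hosts trusted to serve script (which is what a JSONP response is). The names `THREAD_POLICY`, `parseCsp` and `auditScripts` are hypothetical.

```javascript
// CSP value copied from the comment in this thread (the quoted header value).
const THREAD_POLICY =
  "default-src 'self'; " +
  "script-src api.geetest.com monitor.geetest.com dn-staticdown.qbox.me static.geetest.com 'self' 'unsafe-eval'; " +
  "style-src static.geetest.com dn-staticdown.qbox.me 'self'; " +
  "connect-src api.commerce.coinbase.com api.geetest.com 'self'; " +
  "img-src data: static.geetest.com 'self'";

// Split a policy into a Map of directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive that appears twice is ignored after its first occurrence.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report what the policy lets run as script (hypothetical helper name).
function auditScripts(policy) {
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const sources = directives.get("script-src") || directives.get("default-src");
  if (!sources) {
    // No governing directive: nothing about script execution is restricted.
    return { restricted: false, unsafeEval: true, unsafeInline: true, wildcard: true, externalHosts: [] };
  }
  const lower = sources.map((s) => s.toLowerCase());
  const isKeyword = (s) => s.startsWith("'") && s.endsWith("'");
  const isScheme = (s) => /^[a-z][a-z0-9+.-]*:$/.test(s);
  return {
    restricted: true,
    unsafeEval: lower.includes("'unsafe-eval'"),
    unsafeInline: lower.includes("'unsafe-inline'"),
    wildcard: lower.includes("*"),
    // Every host listed here is trusted to serve code that runs in the page.
    externalHosts: lower.filter((s) => !isKeyword(s) && !isScheme(s) && s !== "*"),
  };
}

const report = auditScripts(THREAD_POLICY);
console.log(report);
```

Run in CI against the deployed header value, this makes any later widening of script-src (a new host, or 'unsafe-inline') show up as a diff in the report.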